bookmarklet not allowed to run on some sites
Opened this issue · 2 comments
Using org-mode and emacs from recent git, up-to-date org-protocol-capture-html, with firefox nightly & a current Arch Linux.
emacsclient "org-protocol://capture-html?template=w&url=http:%2F%2Flocalhost%2Findex.html&title=The%20title&body=hello" produces a capture buffer perfectly (yay!), as does loading this URL in the Firefox address bar:
org-protocol://capture-html?template=w&url=http:%2F%2Flocalhost%2Findex.html&title=The%20title&body=<b>hello</b>
However, trying to test out the bookmarklets in a page from github gives the following error in the FF console:
Content Security Policy: The page’s settings blocked the loading of a resource at inline (“script-src”).
Not sure if this is perhaps actually a bug in firefox (cf this bug report , but also this blogpost about the general issue ).
it's a bummer but the package still seems to mostly work!
Thanks for reporting. I'll look at the links when I get a chance.
I don't know if anything can be done. Firefox is becoming less and less useful, and we seem to be headed for a new "dark age" of web browsers. Mozilla doesn't care about empowering users anymore, and this is a great example: allowing web sites to control what users can do in their browsers. It's disgraceful. I would hope that there's a hidden setting, but that blog post doesn't mention one...
Really, Mozilla doesn't care about what users want, they just want to imitate Chrome to steal some of Chrome's users--who might as well just keep using Chrome. And Mozilla isn't a great company either; even if you are concerned about using a browser made by Google, Mozilla gets lots of money from Google, has for years, and Mozilla's own privacy record is not good. So it looks like browsers are going to keep getting worse for a while.
Anyway, I find myself doing more browsing (of text-based pages, anyway) in Emacs when I can. Check out org-web-tools if you haven't seen it.
Thanks.
Perhaps this issue is obsolete. Despite the bug mention by the reporter is still open, another fix allowed bookmarklets that do not inject external scripts: 1478037 - Allow bookmarklets to run even when the CSP on the page would normally block javascript: execution (Firefox-69 2019-05-31 14:56 PDT).